Information-flow interfaces

Contract-based design is a promising methodology for taming the complexity of developing sophisticated systems. A formal contract distinguishes between assumptions, which are constraints that the designer of a component puts on the environments in which the component can be used safely, and guarantees, which are promises that the designer asks from the team that implements the component. A theory of formal contracts can be formalized as an interface theory, which supports the composition and refinement of both assumptions and guarantees. Although there is a rich landscape of contract-based design methods that address functional and extra-functional properties, we present the first interface theory designed to ensure system-wide security properties. Our framework provides a refinement relation and a composition operation that support both incremental design and independent implementability. We develop our theory for both stateless and stateful interfaces. Additionally, we introduce information-flow contracts where assumptions and guarantees are sets of flow relations. We use these contracts to illustrate how to enrich information-flow interfaces with a semantic view. We illustrate the applicability of our framework with two examples inspired by the automotive domain.

• Publication year

  2020

• Venue

  Formal methods in system design

• Publication date

  2020-02-15

• Fields of study

  Medicine, Computer Science

• Identifiers
  DOI 10.1007/s10703-024-00447-0arXiv 2002.06465PMID 40452879PMCID 12125095
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar, PubMed

• No claims are published for this paper.

• No concepts are published for this paper.

• Fundamental Approaches to Software Engineering: 25th International Conference, FASE 2022, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022, Munich, Germany, April 2–7, 2022, Proceedings

  2022cited by this paper
• NASA Formal Methods: 14th International Symposium, NFM 2022, Pasadena, CA, USA, May 24–27, 2022, Proceedings

  2022cited by this paper
• Verifying Hyperliveness

  2020cited by this paper
• Contracts for System Design

  2018cited by this paper
• A Roadmap Toward the Resilient Internet of Things for Cyber-Physical Systems

  2018cited by this paper
• Information Flow Analysis of Combined Simulink/Stateflow Models

  2018cited by this paper
• One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems Revisited

  2017cited by this paper
• Unifying Hyper and Epistemic Temporal Logics

  2014cited by this paper
• Temporal Logics for Hyperproperties

  2013influential reference
• Using JOANA for Information Flow Control in Java Programs - A Practical Guide

  2013cited by this paper
• Gone in 360 Seconds: Hijacking with Hitag2

  2012cited by this paper
• Moving from Specifications to Contracts in Component-Based Design

  2012cited by this paper
• A Modal Interface Theory for Component-based Design

  2011cited by this paper
• Types for Security Protocols

  2011cited by this paper
• Assumptions and Guarantees for Compositional Noninterference

  2011cited by this paper
• A Theory of Synchronous Relational Interfaces

  2011cited by this paper
• Epistemic temporal logic for information flow security

  2011cited by this paper
• Using contract-based component specifications for virtual integration testing and architecture design

  2011cited by this paper
• Timed I/O automata: a complete specification theory for real-time systems

  2010cited by this paper
• Describing Secure Interfaces with Interface Automata

  2010cited by this paper
• Hyperproperties

  2010cited by this paper
• A Refinement Based Notion of Non-interference for Interface Automata: Compositionality, Decidability and Synthesis

  2010cited by this paper
• Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

  2009cited by this paper
• Multiple Viewpoint Contract-Based Specification and Design

  2008cited by this paper
• Side channel analysis of an automotive microprocessor

  2008cited by this paper
• Contract-Based Verification of Hierarchical Systems of Components

  2008cited by this paper
• Interface Input/Output Automata

  2006cited by this paper
• INTERFACE-BASED DESIGN

  2005cited by this paper
• An Open Approach for Designing Secure Electronic Immobilizers

  2005cited by this paper
• Sociable Interfaces

  2005cited by this paper
• Language-based information-flow security

  2003cited by this paper
• Resource Interfaces

  2003cited by this paper
• On the composition of secure systems

  2002cited by this paper
• Interface Theories for Component-Based Design

  2001cited by this paper
• Interface automata

  2001cited by this paper
• Enforceable security policies

  2000cited by this paper
• Alternating Refinement Relations

  1998cited by this paper
• Reasoning about knowledge

  1995cited by this paper
• Assigning Meanings to Programs

  1993cited by this paper
• Applying 'design by contract'

  1992cited by this paper
• The temporal logic of programs

  1977cited by this paper
• An axiomatic basis for computer programming

  1969cited by this paper
• Conference

  1969cited by this paper
• An axiomatic basis for computer programming

  1969cited by this paper

• Information-flow Interfaces and Security Lattices

  2024cites this paper
• Application of Fuzzy Set Theory in the Distribution of Information Flows of a Network Information System

  2021cites this paper